Member Avatar for opawix 
                              <td width="50%" class="path">Student Name
        <div class="span12">     

        <form method="post" action="<?php $_SERVER['PHP_SELF']; ?>">
                <select name="student_reg" class="chzn-select"required/>
                <option></option>
                <?php 
                @$db = mysql_connect("localhost","root","");
                mysql_select_db("student",$db);
                @$result =  mysql_query("select * from admission")or die(mysql_error()); 
                while ($row=mysql_fetch_array($result)){ ?>
                <option value="<?php printf ($row['id']); ?>"><?php printf ($row['name']." ".$row['lastname']); ?></option>
                <?php } ?>
                </select>
            </td>
 </tr>
 <?php

   $sub_name = $_POST['sub_name'];
   $sub_id = $_POST['sub_id'];
   $name = $_POST['name'];
   $lastname = $_POST['lastname'];
   $id = $_POST['id'];

    $sql = mysql_query("insert into load_subject (sub_name,sub_id,name,lastname,id) select ('$sub_name','$sub_id','$name','$lastname','$id')")or die(mysql_error());

    if(@mysql_query($sql and $sql2)){
        echo"Successful";
    }
 else{
     echo"Error";
 }

$sql = "SELECT * from subject INNER JOIN admission";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
{       
?>
                            <tr align="center">

                                <td></td>
                                <td bgcolor="#DDDDDD"><input type="Text" class="textbox1" name="sub_name" size="35" value="<?php printf($row['sub_name']); ?>"></td>
                                <td bgcolor="#DDDDDD"><input type="Text" class="textbox1" name="sub_id" size="35" value="<?php printf($row['sub_id']); ?>"></td>
                                <td bgcolor="#DDDDDD"><font face="verdana" style="font-size:12px"></font><input type="submit" value="Submit"/><a class="buttonform"></td>
                              </form>
                            </tr>

                            <?php
                    }
                ?>
                          </table></td>

I encouter with this code problem, trying to get all the data in a form to be inserted into 'load_subject' table.
please help me with this. thank you.

  • 2 Contributors
  • 3 Replies
  • 184 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 3 Replies

Member Avatar for diafol

This code is mashed php and html with inline styling with both deprecated code and markup tags.
You are wide open to SQL injection.

There is so much wrong with it, it's difficult to know where to begin - and I do apologise if that sounds a bit harsh.

Try to separate out PHP and HTML as far as possible.
Do not use deprecated HTML tags like <font>
Place styling into CSS files or at least into <style> tags in the head section
Do not use the deprecated mysql_* functions, use mysqli or PDO instead
If using PDO - use a prepared statement for binding your input parameters or if using mysqli, you have the choice of using a prepared statement or sanitizing the input before placing into the SQL string.

DW Tutorial: Common Issues with MySQL and PHP

I believe I mentioned some of these issues here: https://www.daniweb.com/programming/web-development/threads/502595/php-enrollment-system-loading-up-subjects#post2196989

Edited by diafol
Member Avatar for opawix

Thank you sir. And I'm sorry for trying to insist this old school mysql code. But what am I want to achieve is to know the solution to this. I will not going to deploy this anyway.

Member Avatar for diafol

Why are you insisting on using code that is about 15 years old? It doesn.t make any sense. If it.s not being deployed then I.m assuming it.s for your own use as a learning project. You will learn nothing from this other than bad habits. Ok. Your choice but just so you know, many contributors will not think about posting to code that looks like this.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.